diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2009-04-01 06:59:20 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2009-04-05 03:54:02 -0400 |
| commit | 60c1345bfa4f5e37adade3cfbb8ae8834475af3b (patch) | |
| tree | fa089d1b1da08a20f792c4bba7fb4be8b384b811 /configure.ac | |
| parent | libsandbox: enable tracing for multiple personalities (diff) | |
| download | sandbox-60c1345bfa4f5e37adade3cfbb8ae8834475af3b.tar.gz sandbox-60c1345bfa4f5e37adade3cfbb8ae8834475af3b.tar.bz2 sandbox-60c1345bfa4f5e37adade3cfbb8ae8834475af3b.zip | |
libsandbox: tweak /proc/.../cmdline check for hardened
Some hardened systems disable /proc/#/ access when the process in question
is not owned by the current user.
URL: http://bugs.gentoo.org/264476
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Andreas Westin <forsaken@forsaken.se>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index a7c52b4..5e7abe0 100644 --- a/configure.ac +++ b/configure.ac @@ -317,8 +317,8 @@ dnl Check for /proc/ features AC_DEFUN([SB_CHECK_PATH],[dnl AC_MSG_CHECKING([for $1]) if test -e "$1$2" ; then - AC_DEFINE([SANDBOX]m4_translit(m4_toupper([$1]), [/], [_]), - [1], [System has /proc/self/fd/]) + AC_DEFINE([SANDBOX]m4_translit(m4_toupper([$1]), [/$], [_d]), + [1], [System has $1]) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) @@ -328,6 +328,7 @@ SB_CHECK_PATH([/proc/self/fd], [/0]) SB_CHECK_PATH([/dev/fd], [/0]) SB_CHECK_PATH([/proc/self/cmdline]) SB_CHECK_PATH([/proc/1/cmdline]) +SB_CHECK_PATH([/proc/$$/cmdline]) dnl We add to CPPFLAGS rather than doing AC_DEFINE_UNQUOTED dnl so we dont have to worry about fully expanding all of |